Your message dated Sun, 20 Aug 2017 17:26:43 +0000
with message-id <e1djtzn-000iya...@fasolo.debian.org>
and subject line Bug#870650: fixed in glibc 2.25-0experimental1
has caused the Debian Bug report #870650,
regarding glibc: CVE-2017-12132
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
870650: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870650
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: glibc
Version: 2.24-11
Severity: important
Tags: upstream security patch fixed-upstream
Forwarded: https://sourceware.org/bugzilla/show_bug.cgi?id=21361

Hi,

the following vulnerability was published for glibc.

CVE-2017-12132[0]:
| The DNS stub resolver in the GNU C Library (aka glibc or libc6) before
| version 2.26, when EDNS support is enabled, will solicit large UDP
| responses from name servers, potentially simplifying off-path DNS
| spoofing attacks due to IP fragmentation.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-12132
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12132
[1] https://sourceware.org/bugzilla/show_bug.cgi?id=21361

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: glibc
Source-Version: 2.25-0experimental1

We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 870...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <aure...@debian.org> (supplier of updated glibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 20 Aug 2017 19:02:51 +0200
Source: glibc
Binary: libc-bin libc-dev-bin libc-l10n glibc-doc glibc-source locales 
locales-all nscd multiarch-support libc6 libc6-dev libc6-dbg libc6-pic 
libc6-udeb libc6.1 libc6.1-dev libc6.1-dbg libc6.1-pic libc6.1-udeb libc0.3 
libc0.3-dev libc0.3-dbg libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev 
libc0.1-dbg libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 libc6-sparc 
libc6-dev-sparc libc6-sparc64 libc6-dev-sparc64 libc6-s390 libc6-dev-s390 
libc6-amd64 libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 
libc6-dev-ppc64 libc6-mips32 libc6-dev-mips32 libc6-mipsn32 libc6-dev-mipsn32 
libc6-mips64 libc6-dev-mips64 libc0.1-i386 libc0.1-dev-i386 libc6-x32 
libc6-dev-x32 libc6-xen libc0.3-xen libc6.1-alphaev67
Architecture: source
Version: 2.25-0experimental1
Distribution: experimental
Urgency: medium
Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org>
Changed-By: Aurelien Jarno <aure...@debian.org>
Description:
 glibc-doc  - GNU C Library: Documentation
 glibc-source - GNU C Library: sources
 libc-bin   - GNU C Library: Binaries
 libc-dev-bin - GNU C Library: Development binaries
 libc-l10n  - GNU C Library: localization files
 libc0.1    - GNU C Library: Shared libraries
 libc0.1-dbg - GNU C Library: detached debugging symbols
 libc0.1-dev - GNU C Library: Development Libraries and Header Files
 libc0.1-dev-i386 - GNU C Library: 32bit development libraries for AMD64
 libc0.1-i386 - GNU C Library: 32bit shared libraries for AMD64
 libc0.1-pic - GNU C Library: PIC archive library
 libc0.1-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libc0.3    - GNU C Library: Shared libraries
 libc0.3-dbg - GNU C Library: detached debugging symbols
 libc0.3-dev - GNU C Library: Development Libraries and Header Files
 libc0.3-pic - GNU C Library: PIC archive library
 libc0.3-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libc0.3-xen - GNU C Library: Shared libraries [Xen version]
 libc6      - GNU C Library: Shared libraries
 libc6-amd64 - GNU C Library: 64bit Shared libraries for AMD64
 libc6-dbg  - GNU C Library: detached debugging symbols
 libc6-dev  - GNU C Library: Development Libraries and Header Files
 libc6-dev-amd64 - GNU C Library: 64bit Development Libraries for AMD64
 libc6-dev-i386 - GNU C Library: 32-bit development libraries for AMD64
 libc6-dev-mips32 - GNU C Library: o32 Development Libraries for MIPS
 libc6-dev-mips64 - GNU C Library: 64bit Development Libraries for MIPS64
 libc6-dev-mipsn32 - GNU C Library: n32 Development Libraries for MIPS64
 libc6-dev-powerpc - GNU C Library: 32bit powerpc development libraries for ppc64
 libc6-dev-ppc64 - GNU C Library: 64bit Development Libraries for PowerPC64
 libc6-dev-s390 - GNU C Library: 32bit Development Libraries for IBM zSeries
 libc6-dev-sparc - GNU C Library: 32bit Development Libraries for SPARC
 libc6-dev-sparc64 - GNU C Library: 64bit Development Libraries for UltraSPARC
 libc6-dev-x32 - GNU C Library: X32 ABI Development Libraries for AMD64
 libc6-i386 - GNU C Library: 32-bit shared libraries for AMD64
 libc6-mips32 - GNU C Library: o32 Shared libraries for MIPS
 libc6-mips64 - GNU C Library: 64bit Shared libraries for MIPS64
 libc6-mipsn32 - GNU C Library: n32 Shared libraries for MIPS64
 libc6-pic  - GNU C Library: PIC archive library
 libc6-powerpc - GNU C Library: 32bit powerpc shared libraries for ppc64
 libc6-ppc64 - GNU C Library: 64bit Shared libraries for PowerPC64
 libc6-s390 - GNU C Library: 32bit Shared libraries for IBM zSeries
 libc6-sparc - GNU C Library: 32bit Shared libraries for SPARC
 libc6-sparc64 - GNU C Library: 64bit Shared libraries for UltraSPARC
 libc6-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libc6-x32  - GNU C Library: X32 ABI Shared libraries for AMD64
 libc6-xen  - GNU C Library: Shared libraries [Xen version]
 libc6.1    - GNU C Library: Shared libraries
 libc6.1-alphaev67 - GNU C Library: Shared libraries (EV67 optimized)
 libc6.1-dbg - GNU C Library: detached debugging symbols
 libc6.1-dev - GNU C Library: Development Libraries and Header Files
 libc6.1-pic - GNU C Library: PIC archive library
 libc6.1-udeb - GNU C Library: Shared libraries - udeb (udeb)
 locales    - GNU C Library: National Language (locale) data [support]
 locales-all - GNU C Library: Precompiled locale data
 multiarch-support - Transitional package to ensure multiarch compatibility
 nscd       - GNU C Library: Name Service Cache Daemon
Closes: 827703 868247 870650
Changes:
 glibc (2.25-0experimental1) experimental; urgency=medium
 .
   [ Samuel Thibault ]
   * patches/hurd-i386/submitted-net.diff: rebased.
   * patches/hurd-i386/tg-tls.diff: update.
   * patches/hurd-i386/submitted-malloc-setstate.diff: update.
   * patches/hurd-i386/submitted-shm_open_pthread.diff: new patch.
   * patches/hurd-i386/cvs-libc_init_secure.diff: new patch.
   * patches/hurd-i386/cvs-libpthread.diff: update.
   * patches/hurd-i386/git-__inet6_scopeid_pton.diff: new patch from upstream.
   * patches/hurd-i386/tg2.25-tls.diff: new patch.
   * patches/hurd-i386/local-nocheck-installed-headers.diff: New patch to
     disable checking hurd and mach headers for standards, they are not.
   * patches/hurd-i386/submitted-net.diff: Disable installing if_ppp.h, it just
     does not work without OS-specific ppp_defs.h.
   * testsuite-xfail-debian.mk: update for hurd-i386.
 .
   [ Aurelien Jarno ]
   * debian/patches/git-updates.diff: update from upstream stable branch:
     - Reduce EDNS payload size to 1200 bytes (CVE-2017-12132). Closes:
       #870650.
     - debian/patches/hppa/local-fptr-table-size.diff: upstreamed.
     - debian/patches/hppa/local-shmlba.diff: upstreamed.
     - debian/patches/hppa/submitted-gmon-start.diff: partially upstreamed.
     - debian/patches/hppa/submitted-dladdr.diff: upstreamed.
     - debian/patches/hppa/local-stack-grows-up.diff: upstreamed.
     - debian/patches/hppa/submitted-setcontext.diff: upstreamed.
     - debian/patches/hppa/submitted-sysdeps-cancel.diff: upstreamed.
     - debian/patches/hppa/submitted-longjmp.diff: upstreamed.
   * debian/patches/kfreebsd/local-sysdeps.diff, local-fbtl.diff:
     update to revision 6171 (from glibc-bsd).
   * testsuite-xfail-debian.mk: update for kfreebsd-i386.
   * debian/patches/any/local-bits-sigstack.diff: new patch to fix
     <bits/sigstack.h> on Hurd and kFreeBSD.
   * debian/control.in/main: Build-Depends on python3 when running the
     testsuite.
   * debian/rules.d/build.mk, debian/debhelper.in/libc-dev.install,
     debian/debhelper.in/libc-dev-alt.install: install the NPTL GDB
     pretty-printer python macros in the libc6-dev and libc6-*-dev packages.
     Closes: #868247.
   * debian/debhelper.in/libc-dev-alt.{preinst,postinst}: remove, used to
     handle the multiarch transition.
   * debian/debhelper.in/libc.{preinst,postinst}: remove code not needed
     since jessie.
   * debian/patches/mips/submitted-syscalls5-7-unbound-stack.diff: new
     patch to fix unbounded stack allocation in O32 syscalls with 5 to 7
     arguments, causing nptl/tst-rwlock15 to fail on mips and mipsel.
   * debian/control.in/main,debian/compat: switch to debhelper 10.
 .
   [ John David Anglin ]
   * debian/patches/any/submitted-resolv-unaligned.diff: new patch to fix
     misaligned accesses in res_query.c to fields in HEADER struct (closes:
     #827703).


--- End Message ---
